Red Flags Compliance

On January 1, 2011 – the FTC’s rules went into effect requiring many businesses and organizations to recognize certain “Red Flags” that indicate the possibility that someone is committing fraud or identity theft.

Any business or organization subject to the FTC’s regulations, must have:

Procedures in place to spot red flags and prevent potential fraud, identity theft and money laundering.

The Red Flag program requires those organizations and businesses to implement a WrittenIdentity Theft Prevention Program (ITPP).

The Program must be formally approved by the board of directors or personally approved by an individual in senior management

What are some of the Risks of Non-compliance?

Financial risks, including civil penalties and sanctions, may be administered by the FTC and individual state attorney generals.

Legal liability

Regulatory sanctions or charges of deceptive business practices.

Damage to company’s brand or business relationships

Loss of customer trust and reputation.

A “knowing” violation of the rule is subject to a $2,500 civil penalty for each violation. This translates to a risk of $2,500 per each customer record – which doesn’t include the potential costs of an independent 3rd party audit for up to 20 years.

Violators may also be liable for damages private lawsuits in state courts, including civil actions through the state attorney general’s office as well as class action lawsuits.